blackmoon | 571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f | Triage

Submit
Reports

Overview

overview

Static

static

571534c76f...7f.exe

windows7-x64

7

571534c76f...7f.exe

windows10-2004-x64

Sharing

General

Target

571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f
Size

13.6MB
Sample

240630-zbzc8sxhqr
MD5

3bd7553f43d16159e1f141fe43e07194
SHA1

77b0a0aa7fc002058c57c6def8b54526bb7135e3
SHA256

571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f
SHA512

21f8d3d8b89ba1bfb6124a1a7db1d6076cbf45534c8c229695a0ab5f8aed479162551c70a5a1407faf2a171689c94e1097e78ba995025a800c584e93a1d35076
SSDEEP

196608:MyC9ThUidFm43C3H9qCWWM2wUWuzUCUQezSztm/s8uzJMeM25B2N15eVB77ffhEC:MyC9lU8NCX9BWwWcUbe2CIDIvffSR2b

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f.exe

Resource

win7-20240508-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f.exe

Resource

win10v2004-20240611-en

blackmoon banker trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f
- Size
  
  13.6MB
- MD5
  
  3bd7553f43d16159e1f141fe43e07194
- SHA1
  
  77b0a0aa7fc002058c57c6def8b54526bb7135e3
- SHA256
  
  571534c76fa71bb4da25546b392832d51560eb3f169f1e8bc957295269c3b47f
- SHA512
  
  21f8d3d8b89ba1bfb6124a1a7db1d6076cbf45534c8c229695a0ab5f8aed479162551c70a5a1407faf2a171689c94e1097e78ba995025a800c584e93a1d35076
- SSDEEP
  
  196608:MyC9ThUidFm43C3H9qCWWM2wUWuzUCUQezSztm/s8uzJMeM25B2N15eVB77ffhEC:MyC9lU8NCX9BWwWcUbe2CIDIvffSR2b
Score

10^/10

upx blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy